Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

x402 Private Web Tools

v1.0.0

Private web tools for AI agents — search, scrape, and screenshot the web with x402 micropayments (USDC on Base). Zero logging, no API keys, no accounts. Pay...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, scripts, and CLI all align: the tool pays for web search/scrape/screenshot via an x402 payment SDK using an EVM wallet. However wallet-gen.mjs prints and documents Base Sepolia (testnet) while SKILL.md repeatedly instructs funding on Base mainnet — this mismatch is confusing and could cause users to fund the wrong chain.
Instruction Scope
Runtime instructions are narrowly scoped to installing the client, generating a wallet, and making paid requests to the declared gateway (https://search.reversesandbox.com). The scripts only read the wallet key (env var or key file) and perform network requests to the gateway; they do not access unrelated system paths or secrets.
! Install Mechanism
setup.sh runs npm install in the user's ~/.x402-client directory and writes package.json, pulling three packages (@x402/fetch, @x402/evm, viem) from the npm registry. This is a standard but non-trivial supply-chain action: it will fetch and install third-party code into your home directory. The packages are not verified here and the skill includes no pinned source/release URLs.
! Credentials
The skill requires an EVM private key to sign payments and instructs users to export X402_PRIVATE_KEY or store a key file. That is necessary for payments but is highly sensitive. The metadata declares no required env vars even though the scripts use X402_PRIVATE_KEY and X402_KEY_FILE. Also, wallet-gen prints private keys to stdout (unless saved), which can leak the secret if logs are captured — and the mismatch between 'mainnet' and 'sepolia' in the docs increases the risk of mis-funding.
Persistence & Privilege
The skill is not always-on and does not request elevated system-wide privileges. It installs files into ~/.x402-client (its own directory) and does not modify other skills or global agent settings. Autonomous invocation is allowed by default (normal).
What to consider before installing
This appears to be an instruction-only client that installs npm packages and requires you to supply an EVM private key to pay per request. Before installing: (1) verify the npm packages (@x402/* and viem) and the GitHub repo referenced for the MCP server are legitimate and reviewed; (2) prefer saving the private key to a file with restrictive permissions (600) rather than exporting it into your shell long-term; (3) use an ephemeral wallet funded with minimal USDC/ETH (so a compromised key has limited impact); (4) note the wallet-gen script mentions Base Sepolia (testnet) while the README says Base mainnet — confirm which network is intended before sending funds; (5) be aware npm install will pull code from the registry into your home dir (supply-chain risk). If you are uncomfortable with those risks or cannot verify the package sources, do not install or fund a real mainnet wallet.
